Group Policy Security Filtering and Loopback


I recently discovered that when applying a GP object using loopback and user security filtering (allowing only specific users to apply the GP), the computer still needs read access to the GP.

Otherwise, the GP will show up as not applied due to it being “inaccessible”:

My guess is that it’s because the group policy engine is using the computer account’s security context to collect the loopback GPs.
Basically, you have to give the computer account that should apply the GP Read permission on the GP object. You can simply use Domain Computers if the content of the GP is not sensitive.
You can either:

  • Grant Read permissions through the “Delegation” tab:

OR

  • Add the computers to the security filtering (only if the GP has no computer settings, otherwise those settings will apply to the computers):

Now the GP loopback will work fine.
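The "Delegation" tab option above can also be checked and applied with the GroupPolicy PowerShell module. This is an added example, not from the original post: the GPO name is a placeholder, and the extra check for Authenticated Users (which includes computer accounts) is an addition here.

```powershell
# Added example. Run where the GroupPolicy module (GPMC/RSAT) is installed,
# as an account that is allowed to change permissions on the GPO.
Import-Module GroupPolicy

$GpoName   = 'Example Loopback GPO'   # placeholder name, not from the post
$Principal = 'Domain Computers'       # use a narrower computer group if the GPO content is sensitive

# Permission levels that include Read on the GPO.
$readLevels = 'GpoRead', 'GpoApply', 'GpoEdit', 'GpoEditDeleteModifySecurity'

# Trustees that cover the computer account: the chosen group, plus
# Authenticated Users, which includes computer accounts.
$covering = $Principal, 'Authenticated Users'

# Read every entry on the GPO and keep the ones that let the computer read it.
$hits = Get-GPPermission -Name $GpoName -All | Where-Object {
    ($covering -contains $_.Trustee.Name) -and
    ($readLevels -contains $_.Permission.ToString()) -and
    (-not $_.Denied)
}

if ($hits) {
    # The computer can already read the GPO; show through which entry.
    $hits | Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission |
        Format-Table -AutoSize

    # GpoApply means the trustee is in the security filtering, so any
    # computer settings in the GPO will apply to those computers too.
    if ($hits | Where-Object { $_.Permission.ToString() -eq 'GpoApply' }) {
        Write-Warning "A computer-covering trustee has GpoApply: computer settings in '$GpoName' will apply."
    }
}
else {
    # Equivalent of adding the group with Read on the Delegation tab.
    # Read only: the computers are NOT added to the security filtering.
    Set-GPPermission -Name $GpoName -TargetName $Principal `
        -TargetType Group -PermissionLevel GpoRead | Out-Null

    # Confirm the new entry.
    Get-GPPermission -Name $GpoName -TargetName $Principal -TargetType Group |
        Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
}

# Afterwards, on an affected computer: gpupdate /force, then gpresult /r
# to confirm the GPO is no longer reported as inaccessible.
```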
Enjoy!